KATA integration

Kaspersky Anti Targeted Attack Platform (hereinafter referred to as KATA) is a solution for protection of the corporate IT infrastructure and early detection of threats such as zero-day attacks, targeted attacks, and advanced persistent threats (APT). The solution is aimed at corporate users.

When a previously unknown file is found for the first time, it can be skipped without waiting for evaluation. After getting a score, if it is found to be malicious, the file is blocked when it is encountered again. This is done to prevent delays in traffic processing because it can take a significant time to get analysis results for new objects.

Integration of Kaspersky NGFW with KATA offers up-to-date detection technologies and protection against targeted attacks. When Kaspersky NGFW is integrated with KATA, probably infected files processed by the Anti-Virus are sent to KATA for scanning. Kaspersky NGFW makes the decision on which files are to be considered probably infected based on the anti-virus databases. The supported version of KATA is 6.0.4.

If Kaspersky NGFW is unable to send a file for analysis to KATA for five minutes (for example, due to server unavailability or network connection errors), the file is automatically removed from the scan queue, and an event is logged in the Streaming and Object Anti-Virus log.

KATA integration is disabled by default.

To configure the integration of Kaspersky NGFW with KATA:

  1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.

    This opens the Policy tab.

  2. In the System section, select KATA analysis.
  3. Enable the KATA integration using the Status toggle switch.
  4. In the Client certificate field, click the Select button to open the file selection window and select your certificate file. If the certificate cannot be uploaded, an error message is displayed with the reason why.

    The certificate must satisfy the following requirements:

    • The file must be in text format (PEM).
    • We recommend using a .crt, .cer, .cert, or .pem file. However, files of other formats are allowed.
    • The certificate must be valid. You cannot download an expired certificate or a certificate that has not yet become valid.
    • The Common name must be specified.

    After the certificate is successfully uploaded, detailed information about this certificate is displayed.

  5. In the Private key field, click the Select button to open the file selection window and select your private key file.

    The private key must satisfy the following requirements:

    • The key must be encrypted with a password.
    • The password must match the downloaded certificate.
  6. In the opened window, enter the password for the private key and click OK.
  7. In the Address and Port fields, specify the address and port for connecting to the primary KATA server.
  8. In the Server certificate field, click the Select button to open the file selection window and select your certificate file. If the certificate cannot be uploaded, an error message is displayed with the reason why.

    The certificate must satisfy the following requirements:

    • The file must be in text format (PEM).
    • We recommend using a .crt, .cer, .cert, or .pem file. However, files of other formats are allowed.
    • The certificate must be valid. You cannot download an expired certificate or a certificate that has not yet become valid.
    • The Common name must be specified.

    After the certificate is successfully uploaded, detailed information about this certificate is displayed.

  9. If necessary, click the Add backup server button and specify the address, port, and certificate of the reserved KATA server.

    The primary server and all reserved servers must have unique addresses.

    Switching to another server occurs if the connection to the previous server cannot be established.

    You can configure one to three reserved servers.

  10. Apply the OSMP policy changes by clicking the Commit and push button.
  11. Configure the integration with Kaspersky NGFW in KATA. For more information about integrating KATA with external systems, refer to the KATA Help.

KATA integration is configured.

After configuring the integration, you can enable the sending of files for scanning to KATA in the Anti-Virus profiles.

Page top